CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

45,414 vulnerabilities with CWE-79
CVE-2024-11971 LOW
Guizhou Xiaoma Technology jpress 5.1.2 - XSS
CVSS 3.5
CVE-2024-53731 MEDIUM
Fintelligence Calculator <1.0.3 - XSS
CVSS 6.5
CVE-2024-53737 MEDIUM
WP Mailster <= 1.8.16.0 - Stored Cross-Site Scripting
CVSS 6.5
CVE-2024-53733 HIGH
Fence URL <= 2.0.0 - Stored Cross-Site Scripting
CVSS 7.1
CVE-2024-11402 HIGH
WP-speedup Block Editor Bootstrap Blocks <6.6.1 - XSS
CVSS 7.1
CVE-2024-52283 MEDIUM
SUSE hackweek < 8d2b6bda67bd0f1914cb0851b8ae71b73e26b156 - Stored Cross-Site Scripting
CVSS 5.7
CVE-2024-49503 LOW
SUSE manager <5.0.15-150600.3.10.2 - XSS
CVSS 3.5
CVE-2024-49502 LOW
SUSE Manager Server Module < 4.3.42-150400.3.52.1 - Cross-Site Scripting in Setup Wizard HTTP Proxy Credentials Pane
CVSS 3.5
CVE-2024-11788 MEDIUM
StreamWeasels YouTube Integration <1.3.6 - XSS
CVSS 6.4
CVE-2024-11786 MEDIUM
WordPress Login with Vipps & MobilePay <1.3.3 - XSS
CVSS 6.4
CVE-2024-11761 MEDIUM
LegalWeb Cloud <= 1.1.2 - Authenticated Stored Cross-Site Scripting via legalweb-popup Shortcode
CVSS 6.4
CVE-2024-11685 MEDIUM
Kudos Donations - Easy donations and payments with Mollie <3.2.9 - XSS
CVSS 6.1
CVE-2024-11684 MEDIUM
Kudos Donations < 3.2.9 - Unauthenticated Reflected XSS via 's' Parameter
CVSS 6.1
CVE-2024-11458 MEDIUM
FAQ Builder AYS < 1.7.1 - Unauthenticated Reflected Cross-Site Scripting via ays_faq_tab Parameter
CVSS 6.1
CVE-2024-11431 MEDIUM
Ragic Shortcode <= 1.2 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11366 MEDIUM
SEO Landing Page Generator <1.66.2 - XSS
CVSS 6.1
CVE-2024-11333 MEDIUM
HLS Player <= 1.0.10 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes
CVSS 6.4
CVE-2024-11203 MEDIUM
EmbedPress < 4.1.3 - Authenticated Stored Cross-Site Scripting via Provider Name Parameter
CVSS 6.4
CVE-2024-10510 MEDIUM
adBuddy+ (AdBlocker Detection) < 1.1.3 - Authenticated Stored Cross-Site Scripting in Plugin Settings
CVSS 4.8
CVE-2024-10493 MEDIUM
Element Pack Elementor Addons < 5.10.3 - Stored Cross-Site Scripting via Block Options
CVSS 5.4
CVE-2024-10473 MEDIUM
Logo Slider < 4.5.0 - Authenticated Stored Cross-Site Scripting in Logo Settings
CVSS 5.4
CVE-2024-54003 HIGH
Jenkins Simple Queue Plugin <1.4.4 - XSS
CVSS 8.0
CVE-2024-52951 HIGH
Omada Identity - Authenticated Stored Cross-Site Scripting in Access Request History
CVSS 8.0
CVE-2024-46055 MEDIUM
OpenVidReview 1.0 - Stored Cross-Site Scripting in Review Names
CVSS 4.8
CVE-2024-53635 MEDIUM
PHPGurukul COVID 19 Testing Management System 1.0 - Reflected Cross-Site Scripting via searchdata Parameter
CVSS 4.8
Details
Vulnerabilities 45,414
Exploit Likelihood High